Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

plugin doesn't like alternative name in ssl certificate #4

Closed
Napsty opened this Issue Feb 19, 2019 · 1 comment

Comments

Projects
None yet
1 participant
@Napsty
Copy link
Owner

Napsty commented Feb 19, 2019

$ ./check_es_system.sh -H elasticsearch.example.com -P 9243 -S  -u user -p pass -d 128 -t disk
json read error: line 2 column 0: '[' or '{' expected near end of file
expr: syntax error
expr: syntax error
./check_es_system.sh: line 159: [: -ge: unary operator expected
./check_es_system.sh: line 162: [: -ge: unary operator expected
ES SYSTEM OK - Disk usage is at % ( G from 128 G)|es_disk=B;109951162777;130567005798;;

Reason for this in the background is a missing "-k" parameter.
When the plugin detects required authentication, a second curl is fired but this curl does not have the -k parameter as the first curl. This results in the following curl error and curl refuses to continue:

$ curl -s --basic -u user:password https://elasticsearch.example.com:9243/_cluster/stats -v
* Hostname was NOT found in DNS cache
*   Trying 34.246.11.54...
* Connected to elasticsearch.example.com (34.246.11.54) port 9243 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* 	 subject: CN=*.eu-west-1.aws.found.io
* 	 start date: 2018-06-04 00:00:00 GMT
* 	 expire date: 2019-07-04 12:00:00 GMT
* 	 subjectAltName does not match elasticsearch.example.com
* SSL: no alternative certificate subject name matches target host name 'elasticsearch.example.com'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):

@Napsty Napsty self-assigned this Feb 19, 2019

@Napsty Napsty added the bug label Feb 19, 2019

@Napsty

This comment has been minimized.

Copy link
Owner Author

Napsty commented Feb 19, 2019

Commit a8a000d fixes this.
It also improves the speed of the plugin as the first curl is skipped when -u parameter was used.

@Napsty Napsty closed this Feb 19, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.